Open Banking Innovation Accelerates and Regulation Responds in North America
Section 1033 Will Modernize US Federal Consumer Data Privacy Regulation
Consumer data privacy laws, regulations, and protections have existed for decades but are being modernized across the globe in response to digital banking. Europe was the first region to create consumer data privacy laws and regulations in the current era when the Revised Payment Services Directive (PSD2) went into force in 2016 and the General Data Protection Regulation (GDPR) was passed on April 14, 2016 and became enforceable on May 25, 2018. The UK, Australia, and India also have or are near finalizing country-level consumer data protection regulations.
While the regulatory focus in most countries is at the federal level, the US does not currently have a comprehensive and modern consumer data privacy act. It relies on a hodgepodge of federal and state laws and regulations overseen by multiple regulators. The current system has worked well in some ways but not in others. With consumers becoming more educated on data privacy and regulators continuing to hold entities accountable for how they store consumer data, what they can collect, and what they must disclose to the consumer, financial institutions need not only to meet new expectations and mandates; they should also examine open banking regulations for additional business opportunities.
The key takeaway is that the approach to open banking in the US will be transitioning from a market-driven approach based on older consumer data privacy regulation to a more modern, regulatory-driven approach. We examine Section 1033 of the Dodd-Frank Act and Celent’s outlook for development of a more consistent, clearer, and customer-focused data privacy world in the US. Change is coming, and banks should ensure they have the plans in place to maximise the potential benefits.
Open Banking in the US
No Single Federal Law Regulates Open Banking. Banks in the United States are regulated for consumer data privacy through a combination of federal and state laws, as well as oversight by regulatory agencies. The primary federal law that governs consumer data privacy for banks is the Gramm-Leach-Bliley Act (GLBA) of 1999. This law requires financial institutions, including banks, to implement safeguards to protect the privacy and security of customer information.
Under the GLBA, banks are required to provide customers with privacy notices that explain the types of information collected, how it is used, and how it is shared with third parties. Banks must also give customers the opportunity to opt out of certain information sharing practices. Additionally, banks are required to have security measures in place to protect customer data from unauthorized access or use.
The GLBA is enforced by several regulatory agencies, including the Office of the Comptroller of the Currency (OCC), the Federal Reserve System, and the Consumer Financial Protection Bureau (CFPB). These agencies conduct regular examinations of banks to ensure compliance with the GLBA and other applicable laws.
What is Section 1033, and Why It Matters
The Consumer Financial Protection Bureau (CFPB) issued a proposed rule in October 2023 that would support open banking for certain banking activities. CFPA section 1033 provides that, subject to rules prescribed by the CFPB, a covered entity (for example, a bank) must make available to consumers, upon request, transaction data and other information concerning a consumer financial product or service that the consumer obtained from the covered entity.
According to the CFPB, the proposed rule requires financial institutions offering transaction accounts (deposit accounts, credit cards, digital wallets, prepaid cards, and other transaction accounts) to set up secure methods for data sharing. The rule is intended to facilitate new approaches to underwriting, payment services, personal financial management, income verification, account switching, and comparison shopping. Additional non-transaction banking accounts may be covered at a later date.
Section 1033 Implementation is Coming Soon
Figure 1 shows Celent’s summary of the current timeline for implementation of the CFPB data portability rule that enables Section 1033.
Figure 1: Timeline for Consumer Financial Protection Bureau Data Portability Rule
Source: Ballard Spahr, LLP, Consumer Financial Protection Bureau (CFPB), Celent (as of February 16, 2024).
Compliance deadlines following publication of the final rule begin only six months later for the largest depository institutions and non-depository institutions that generate over $10 billion in annual revenue. Smaller financial institutions have more time, but all firms need to be planning, implementing, and training employees to comply and to take advantage of the new revenue opportunities through traditional sales channels as well as in embedded finance and banking as a service (BaaS) business models.
The Path Forward
In Celent’s view, the current hodgepodge of federal and state regulation won’t disappear overnight when Section 1033 is implemented, but it is a step in the right direction and will create greater clarity, regulatory certainty, and business opportunity for financial institutions.
While significant financial services industry infrastructure for financial data sharing already exists, significant work remains for consumer-authorized financial data sharing. Celent is actively researching and advising on this topic as it relates to business models and technology.
Celent will continue to actively monitor open banking laws and regulations; assess their impact on banking, lending, and payments; and incorporate these findings into our research, advisory, and consulting work.
Open banking regulation, technology, and implications for financial institutions are explored in more detail in the Celent Retail Banking team’s report Technology Trends Previsory: Retail Banking, 2024 Edition and Kieran Hines’ blog, Three Retail Banking Technology Trends to Watch in 2024. These pieces are well worth a read for financial institutions exploring open banking strategies and technology investment. Please call us to discuss open banking strategies and technology so we can help you succeed.